zloader | da550540689b015b44a2e03f37c23ed8c8730ccf9cb611490dc76a39782dce2b | Triage

Sharing

General

Target

zloader 2_1.1.20.0.vir
Size

575KB
Sample

200719-259yta8gks
MD5

7d8bb43c8776981c2c75313cf67175f0
SHA1

d3895f0e4116c045c4e13ea478643e64b1ebf12d
SHA256

da550540689b015b44a2e03f37c23ed8c8730ccf9cb611490dc76a39782dce2b
SHA512

b74bf507bf7729ad0f231308bfcbdd36fe12dd8dcd687724d2e2e038422bcdd0e1204f59977b27988e2913329e99f7804243d9be860ae615e21154a85ffd91b5

Score

10^/10

zloader botnet persistence trojan

Malware Config

Targets

- Target
  
  zloader 2_1.1.20.0.vir
- Size
  
  575KB
- MD5
  
  7d8bb43c8776981c2c75313cf67175f0
- SHA1
  
  d3895f0e4116c045c4e13ea478643e64b1ebf12d
- SHA256
  
  da550540689b015b44a2e03f37c23ed8c8730ccf9cb611490dc76a39782dce2b
- SHA512
  
  b74bf507bf7729ad0f231308bfcbdd36fe12dd8dcd687724d2e2e038422bcdd0e1204f59977b27988e2913329e99f7804243d9be860ae615e21154a85ffd91b5
Score

10^/10

persistence trojan botnet zloader
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blacklisted process makes network request
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencetrojanbotnetzloader

behavioral2